Cyber security Incident – REQUEST FOR ASSISTANCE FORM

(Evaluation Services)

This form can be used to request assistance from the National Cyber Security Centre (NCSC) in relation to a cyber security incident. NCSC is part of the Government Communications Security Bureau.

As an initial form of assistance, NCSC may be able to provide you with evaluation services in relation to the cyber security incident. NCSC can only provide evaluation services on the basis of the terms and conditions set out in this form (NCSC Evaluation Services Terms and Conditions).

Send this completed form to NCSC by email (), or post (National Cyber Security Centre, PO Box 12-209, Wellington 6144). If the completed form contains confidential or classified information, or if you have concerns about the integrity of your computer, please contact NCSC to arrange an alternative method of receipt.

If the matter is urgent, you can contact NCSC by phone on (04) 498 7654.

At any time, please also contact NCSC if you:

  • have any queries about this form and the evaluation services provided by NCSC;
  • wish to disclose the fact you have sought, or are receiving, assistance from NCSC; or
  • are approached by anyone outside of your organisation in relation to the reported cyber security incident.

Part 1: Your CONTACT DETAILS
your Organisation
Organisation Name: / Click here to enter text. /
Physical Address: / Click here to enter text.
/
Postal Address: / Click here to enter text.
/
Contact Person
First Name: / Click here to enter text. / Last Name: / Click here to enter text. /
Job Title: / Click here to enter text. /
Work phone: / Click here to enter text. / Mobile: / Click here to enter text. /
Email: / Click here to enter text. /
Alternative Contact Person
First Name: / Click here to enter text. / Last Name: / Click here to enter text. /
Job Title: / Click here to enter text. /
Work phone: / Click here to enter text. / Mobile: / Click here to enter text. /
Email: / Click here to enter text. /
Part 2: cyber security incident details
your system details
Government System classification, if any: / Click here to enter text. /
Information/Security Services Outsourced? / No / Yes (if so, please name company):Click here to enter text.
Gateway Outsourced? / No / Yes (if so, please name provider): Click here to enter text.
Public-facing IP Address Range: / Click here to enter text. /
Incident Description
Please provide a brief summary of the incident, including whether any attack was successful and resulted in any compromise or disruption of services. Please also identify any sensitivities in relation to the information or people affected by the incident.
Date Identified: / Click here to enter text. /
Time Identified: / Click here to enter text. /
Incident Status
ResolvedUnresolved
Part 3: request for assistance
Assistance Requested
Please provide a brief summary of the assistance you are seeking (for example, advice, orinspection of data or hardware).
Information or hardware provided to ncsc
Please identify any information and/or hardware you are providing to NCSC for the purpose of receiving evaluation services. This information and hardware must only be that related to the cyber security incident reported to NCSC.
/
PART 4: SUBMISSION OFrequest FOR assistance
  • This form must be submitted to NCSC by a person authorised by your organisation to do so. (NCSC may request separate written confirmation of this authority.)
  • NCSC may only provide assistance on the basis of the terms and conditions set out in this form (NCSC Evaluation Services Terms and Conditions). By submitting this completed form your organisation agrees to the application of those terms and conditionsto any evaluation services NCSC may provide in respect of the cyber security incident reported in this form.
  • A NCSC representative will contact one of your identified contact persons to discuss your request for assistance and will advise whether NCSC is able to provide evaluation services.

Signature of authorised person:
Date:Click here to enter text.
Name:Click here to enter text.
Job Title:Click here to enter text.

NCSC |PO Box 12-209 Wellington | tel. +64 4 498 7654 | ge 1 of 5

NCSC Evaluation Services Terms and Conditions

The Evaluation Services

  1. The Evaluation Services are those services (if any) NCSC provides to you (the organisation requesting assistance or, where appropriate, the individual) in relation to evaluation of the cyber security incident you have reported to NCSC.
  2. The Evaluation Services may include using NCSC tools to analyse any information or hardware you provide to NCSC.
  3. NCSC will endeavour to report to you on the results of any Evaluation Services NCSC provides. NCSC will determine the form and content of any such report.

Application of these terms and conditions

  1. These terms and conditions apply to any Evaluation Services NCSC may provide you in relation to the cyber security incident you have reported to NCSC.
  2. These terms and conditions form part of a legally binding agreement between the Government Communications Security Bureau (acting through NCSC) and you.
  3. The agreement begins when NCSC advises you it will provide Evaluation Services in relation to the incident you have reported to NCSC and you have submitted this completed Cyber Security Incident – Request for Assistance (Evaluation Services) Form (the Form).

Yourability to provide information to NCSC

  1. You have the authority to provide the information and hardwarelisted in the Form to NCSC so that NCSC can provide you with Evaluation Services. This includes the authority to provide NCSC with communications of people who use your systems and information that may be considered personal.
  2. The persons identified as your contact persons in the Form are authorised to act and make decisions on your behalf in relation to any Evaluation Services provided by NCSC.

Confidentiality of information provided by NCSC

  1. The following information must only be disclosed to those people within your organisation who have a need to know the information:
  2. any information that NCSC provides to you during or after providing you with the Evaluation Services, including any reports on the result of the Evaluation Services; and
  3. the fact that NCSC is providing you with the Evaluation Services.
  4. The information identified in clause 9 above may only be disclosed outside of your organisation where required by law, or with the consent of NCSC. You will consult withNCSC before you make any disclosure outside of your organisation required by law.
  5. You must also comply with any specific instructions NCSC gives you about how to handle any information NCSC provides to you, including any reports.
  6. NCSC may require individual persons within your organisation, including identified contact people, to sign non-disclosure agreements before NCSC provides information to those persons.
  7. You will notify NCSC of any breaches of clauses 9 to 12.

How NCSC will protect and use your information

  1. NCSC will store the information or hardware provided by you for up to 12 months from the date of receipt, except where that information or hardware is associated with malicious activity or with indicators of malicious activity, which NCSC may store indefinitely.
  2. NCSC may use information or hardware provided by you and analysis of your information or hardware in reports about information assurance and cyber security provided to other entities.
  3. Unless you agree, NCSC will not disclose any information or hardware, or any analysis of information or hardware to another entity that would readily identify any authorised user of your systems.

Limitation of liability and indemnity

  1. The following limitations of NCSC’s liability apply, as far as they are permitted by law:
  2. NCSC has no liability to you in respect of any loss or damage that you might suffer as a result of any evaluation service provided to you by NCSC; and
  3. NCSC excludes any express or implied warranties in relation to any Evaluation Service provided to you.
  4. You indemnify NCSC in respect of any damage, liability, or related expenses that NCSC incurs as a result of any evaluation service provided to you by NCSC.
  5. Clause 18does not apply if you are a Crown department oragency.

When this agreement ends

  1. This agreement ends in any of the following situations:
  2. you ask NCSC to stop providing the Evaluation Services;
  3. NCSC decides to stop providing the Evaluation Services to you and informs you of this decision; or
  4. NCSC finishes providing you with the Evaluation Services.
  5. Even after this agreement ends, clauses 9 to 18above continue to operate.

NCSC |PO Box 12-209 Wellington | tel. +64 4 498 7654 | ge 1 of 5